The Uncomfortable Truth About Who Controls AI Now
In the space of two weeks this June, the US government did something it had never done so openly: it stepped into the labs of Anthropic and OpenAI and told them what they could and couldn't ship. It didn't pass a law. It reached for export controls — the machinery used for weapons — and treated a frontier AI model like a munition. Anthropic was forced to pull two of its newest models entirely. OpenAI was asked to hand out its next model one government-approved customer at a time.
So the obvious question, the one in the title, is: has Washington just taken control of AI? The short version — and the uncomfortable part — is that control hasn't disappeared, and it hasn't been captured by the government either. It has moved: off the model itself and onto compute, liability, and the people who can direct, defend with, and verify these systems. That shift should unsettle the people cheering this on and the people panicking about it in equal measure.
We'll walk through what actually happened, why the government's grip is both stronger and weaker than it looks, and — the part that matters for your career — where the real power has quietly gone. Let's get into it.
What Just Happened — the AI Regulation News Nobody Connected
Taken one at a time, the headlines looked like separate stories. Put them next to each other and a pattern jumps out.
In mid-June 2026, the US Commerce Department issued an export-control directive that forced Anthropic to pull its two newest frontier models, Fable 5 and Mythos 5, completely — not restrict them, pull them — over concerns about foreign-national access and the models' cyber-attack capabilities. Anthropic complied but said publicly the action wasn't "transparent or fair [or] grounded in technical facts." Outside experts called it arbitrary.
Days later, the same logic reached OpenAI. The Trump administration asked OpenAI to stagger the release of its next model, GPT-5.6, citing similar "Mythos-like" cyber capabilities. The detail that should stop you in your tracks: during the preview period, the government would approve access customer by customer — not "here are the rules," but signing off on who gets to use it, one at a time. Sam Altman confirmed the plan in a memo to staff and, tellingly, added that this was "not our preferred long-term model" for how releases should work.
Underneath both moves sits a policy shift. On 2 June 2026, President Trump signed Executive Order 14409, "Promoting Advanced Artificial Intelligence Innovation and Security," which created a nominally voluntary framework for the federal government to vet powerful models before release. Three days later, on 5 June, the White House issued a separate national-security memorandum on AI. The distinction matters: the executive order set up the release-vetting frame; the memorandum signalled the national-security logic now wrapped around the whole field. Either way, it's a genuine reversal — not long ago this administration's line was that excessive regulation could kill the industry.
And none of this came out of nowhere. It's the latest step in a journey that's been building for nearly three years:
| Date | Event |
|---|---|
| 30 Oct 2023 | Biden signs EO 14110 — the first major US executive order on AI safety |
| 1 Aug 2024 | EU AI Act enters into force (phased rollout begins) |
| 20 Jan 2025 | Trump revokes Biden's EO 14110 (via EO 14148) |
| 23 Jan 2025 | Trump signs EO 14179, "Removing Barriers to American Leadership in AI" |
| 2 Aug 2025 | EU AI Act's general-purpose AI (GPAI) model rules apply |
| 29 Sep 2025 | California signs SB 53, its frontier-AI law |
| 11 Dec 2025 | Trump signs EO 14365, a national AI policy framework |
| 2 Jun 2026 | Trump signs EO 14409 — voluntary framework for federal pre-release vetting of frontier models |
| 5 Jun 2026 | White House issues a national-security memorandum on AI |
| ~12–17 Jun 2026 | Commerce export-control directive forces Anthropic to pull Fable 5 and Mythos 5 |
| 25 Jun 2026 | Government asks OpenAI to stagger GPT-5.6 — approving access customer by customer |
| 26 Jun 2026 | Altman memo confirms the plan; GPT-5.6 is unveiled |
Look at the shape of it. We went from broad principles, to a deregulatory swing, to — in 2026 — the government reaching into specific products before they ship. The useful label for this is regulation by enforcement: there's no stable published rulebook, just case-by-case intervention, where each action becomes the next boundary marker.
The pattern in one line
Anthropic got hit with a stop-ship order. OpenAI watched it happen and decided to ask permission first. No law changed — the enforcement is the rulebook.
So that's what happened. Now here's why it matters more than the headlines suggest.
The Government Just Treated AI Like a Weapon
The tool the government reached for wasn't a new AI law. It was export control — the same legal machinery used for missiles, encryption, and nuclear materials. By invoking foreign-national access and restricting who can use the models, it's effectively treating a frontier model the way it'd treat a weapons technology.
That invites the comparison everyone reaches for: is AI the new nuclear weapon? It's a useful analogy — but only if we're honest about where it holds and where it breaks, because the differences are the whole point.
With a nuclear weapon, the hard part is the raw material. Enriched uranium is scarce, slow to produce, and detectable. You don't need every hospital and city armed to defend against a bomb. Frontier AI is almost the opposite. The inputs are abundant, and the finished weights behave like a file — once released, they can be copied, mirrored, and redistributed far faster than any regulator can recall them. Running them well is another matter, and that distinction is exactly where the real control story starts.
I want to be careful here, because this is where a lot of the commentary overreaches, and I don't want to. It's tempting to say "so the government is wasting its time." That's not right. There's a real difference between the frontier capability the government is trying to gate today and the commoditised capability already loose in the world. Gating the cutting edge for a window of time is a different thing from un-inventing what's already shipped. Hold that thought — it comes back.
Why the Off-Switch Doesn't Work the Way They Think
Can the government actually contain AI? Yes and no — and the "no" is subtler than the cheerleaders for either side admit.
Start with what can't be contained: the model weights themselves. Once a capable model is released openly, no directive recalls it. It's mirrored on hard drives in a hundred countries. And the most-used models on neutral platforms aren't even American — Chinese open-weight models like DeepSeek, Qwen and GLM keep shipping freely. By early 2026, reporting put them at roughly 61% of the tokens flowing through OpenRouter's top-ten models — not the whole platform, but still enough to make the point. So when the US gates a closed American model, the customer turned away often has a free alternative the same afternoon.
But the weights were never the real chokepoint. Training and running a frontier model needs enormous concentrated compute: advanced chips, specialised memory, vast data-centre power. And that is scarce, detectable, and gateable — it's exactly why chip export controls already exist.
Here's the paradox that creates, and it's worth saying plainly: gating compute doesn't stop proliferation, because the highly capable foreign open-weight models are already out and don't depend on US chips to run. So using the one control mechanism that actually works mostly kneecaps US competitiveness while accelerating the shift to ungoverned foreign models — the exact problem it's meant to solve.
So the honest verdict isn't "the government failed." It's that its control over AI is partial, costly, and competition-distorting — not absolute, but not nothing. Which is a far less comfortable conclusion than either camp wants. The off-switch is real; it just only works on part of the machine.
So What Are We Actually Trying to Stop? (And Is AI Dangerous?)
Underneath all this sits a question worth asking plainly: is AI dangerous enough to justify any of it? The honest answer is that "AI risk" isn't one thing — and this is where I have to push back on an argument I've made myself.
In cybersecurity — my field — there's a strong case that defenders need frontier-grade capability in their own hands. The same model that finds software vulnerabilities for an attacker finds and patches them for a defender. We saw this at DARPA's AI Cyber Challenge: in the 2025 final, autonomous systems identified 86% of the contest's synthetic vulnerabilities, discovered 18 real, previously-unknown vulnerabilities in live open-source software, and submitted patches in an average of 45 minutes. In cyber, locking the best capability away from defenders arguably makes us less safe.
But that's a cyber argument, and it doesn't transfer cleanly to everything else. The key isn't that cyber is the only domain where openness ever helps — it's that cyber has the strongest symmetry: defenders genuinely need the same capability attackers use. Other domains don't share that symmetry, and some don't have it at all. Take biology: there's no version of "bio-defence needs an offensive bioweapon-design model in every lab." More capability in more hands, for that specific risk, is plausibly net-negative. Here's the spread:
| Risk | Do defenders need the same capability? |
|---|---|
| Cyber-attack uplift | YESStrongest symmetry — defence needs offensive tooling |
| Bio / chemical weapon uplift | NOWider access mostly increases the hazard |
| Autonomous, self-replicating agents | NOThe capability is the hazard |
| Mass disinformation / election manipulation | MOSTLY NOGeneration scales faster than detection |
| Critical-infrastructure attacks | PARTLYNarrower than the cyber case |
So the symmetry that makes openness look obviously right in cyber gets weaker as you move down the list, and disappears entirely for bio. That's not an argument against my field's position — it's a reason to be precise about it. Cyber is the one place where gating clearly backfires, which is exactly why bio is treated differently.
And there's a serious counter-argument I won't dodge, because the safety people are right about it: even if a capability eventually becomes free, gating the cutting edge for a year or two buys a containment window. "It'll leak eventually" doesn't answer "it's contained right now, while we build defences." Safety often lives in that window. The fair criticism of the current approach isn't that buying time is pointless — it's whether case-by-case, customer-by-customer enforcement is worth its cost in distorted competition and a shove toward ungoverned foreign models.
Who Controls AI Now
So — who actually controls AI?
The honest answer is that control didn't vanish and it didn't get captured by Washington. It fractured into a stack. At the bottom, whoever owns the compute — chipmakers, governments, the few firms with the data centres. At the top, whoever carries the liability and insurance for deploying these systems — increasingly the real gate on what gets shipped commercially. And in the middle, where the actual work happens, control belongs to whoever can direct, defend with, and verify the models nobody can fully lock down or fully trust.
That middle layer is the one most people aren't looking at, and it's where my own thinking has shifted. We call open models "free," and at the level of the file, they are. But here's the part the industry keeps glossing over.
The security catch nobody mentions
A freely downloadable model is an un-auditable binary. Open-weight is not the same as open-source. You're running a multi-gigabyte artefact, often trained by a lab in another country, as a core dependency — with no way to see inside it.
For an enterprise, that's not a free lunch; it's a supply-chain exposure of a kind security people will recognise instantly. A model's behaviour can be conditioned in ways no firewall will catch, because there's no network call to inspect — the risk is baked into the artefact. So the freedom is real at the weights layer, but trust doesn't become free — it re-concentrates at the provenance layer. And that's precisely where new, durable value is forming: the ability to verify what a model is and whether you can run it. The genie is out of the bottle on capability. It is very much not out on trust.
What This Means for Your Career and Your Skills
Here's why this matters beyond making sense of the news. If control over AI has settled into that stack — compute at the bottom, liability at the top, verification in the middle — then the layer you can actually own is the middle one. So the career move is the same as the conclusion: become one of the people who can wield, defend, and verify these systems.
This is the opposite of the doom narrative. The fear is "AI will take my job." The more accurate version, the one I keep coming back to, is that AI won't take your job — someone who understands AI will, and increasingly they'll do the work of several people. That's not a threat if you're the one doing the understanding.
For our field specifically, this regulatory shift is almost a gift. It's putting a national-security spotlight on exactly the skills cybersecurity people are built for: defending systems with AI, and the trust-and-provenance discipline of asking "can I actually rely on this model I can't see inside?" Those aren't commodities a free download replaces. They're professions.
One concrete first step, and make it a security one: take a piece of AI-generated output you'd normally accept — a suspicious script you've asked it to triage, a CVE summary, a detection rule, a chunk of code — and treat the model as if it's compromised or hallucinating. Build a verification loop that proves the output is safe to use before you'd sign your name to it. The future of this work isn't generating the output; it's auditing it. (I went deep on why the value flows to the skilled user, not the model owner, in Everyone's Watching the Wrong AI Story — this regulatory turn is that thesis playing out in real time.)
The Bottom Line
Has the government taken control of AI? The uncomfortable truth is: it took more control than the optimists thought possible — and less than it would need to actually contain the technology. It reached for the off-switch and found the switch only works on part of the machine. Control didn't vanish; it fractured — to compute, to liability, and to the people who can direct, defend, and verify these systems.
So don't build your career around predicting the next executive order. Build it around the layer every regime will still need: the people who can use AI under pressure, verify what it did, and say honestly whether it can be trusted. Whatever happens to the share prices and the next EO, that's where the power is moving — and that's the bet I'd make.
AI Regulation FAQ: Your Questions Answered
Who controls AI now?
No single party. Control has fractured into a stack: whoever owns the compute (chipmakers, governments), whoever carries deployment liability (enterprises, insurers), and the skilled people who can direct, defend with, and verify these models. The government can gate the cutting edge but cannot recall what is already released.
Can the government actually stop AI?
Not the underlying capability — once a model's weights are released openly, they cannot be recalled. The government can meaningfully shape the frontier through the chokepoints it can control, chiefly compute (advanced chips), plus liability and procurement. The result is partial, costly control, not a true off-switch.
Is AI regulation good or bad?
It depends on the risk. For cybersecurity, locking the best capability away from defenders can make us less safe, because defence needs the same tooling as attack. For risks like bioweapon uplift, restricting access is more defensible, because there is no symmetric defensive need. Blanket judgements miss this; the honest answer is domain by domain.
Is AI dangerous?
Some capabilities genuinely are — particularly bio/chemical uplift, autonomous self-replicating systems, and large-scale disinformation. Others, like cyber tooling, are dual-use and arguably safer in defenders' hands. "AI is dangerous" is too broad to be useful; the specific risk is what matters.
What is the Trump AI executive order?
Executive Order 14409, "Promoting Advanced Artificial Intelligence Innovation and Security," signed 2 June 2026, created a nominally voluntary framework for the federal government to vet powerful new AI models before release — a notable reversal from the administration's earlier deregulatory stance. A separate national-security memorandum on AI followed on 5 June 2026.
Does this affect open-source and Chinese AI models?
Largely no — and that is the catch. US export controls bite on closed American models, but already-released open-weight models (including Chinese ones like DeepSeek, Qwen and GLM) cannot be recalled, so gating US models often just pushes demand toward ungoverned alternatives.
About the Author
Nathan House, Founder & CEO of StationX
Nathan House has 30 years of hands-on cybersecurity experience and is Cambridge-educated, holding CISSP, CISA, CISM, OSCP, CEH, and SABSA. He founded StationX in 1999 — one of the UK’s first cybersecurity companies — and has secured £71 billion in UK mobile banking transactions and the London 2012 Olympics, advising clients including Microsoft, Cisco, BP, Vodafone, and VISA. He authored the world’s most popular cybersecurity course — a #1 Udemy bestseller taken by over 500,000 students — and was named Cyber Security Educator of the Year 2020, AI Security Educator of the Year, and a UK Top 25 Security Influencer 2025. A DEF CON speaker and featured expert on CNN, Fox News, NBC, and the BBC, Nathan leads StationX’s training of more than half a million students worldwide.
